First published: Wed Jun 15 2022(Updated: )
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.
Credit: productsecurity@jci.com
Affected Software | Affected Version | How to fix |
---|---|---|
Johnsoncontrols Metasys Application And Data Server | >=10.0<=10.1.5 | |
Johnsoncontrols Metasys Application And Data Server | =11.0 | |
Johnsoncontrols Metasys Application And Data Server | =11.0.1 | |
Johnsoncontrols Metasys Extended Application And Data Server | >=10.0<=10.1.5 | |
Johnsoncontrols Metasys Extended Application And Data Server | =11.0 | |
Johnsoncontrols Metasys Extended Application And Data Server | =11.0.1 | |
Johnsoncontrols Metasys Open Application Server | >=10.0<10.1.5 | |
Johnsoncontrols Metasys Open Application Server | =11.0 | |
Johnsoncontrols Metasys Open Application Server | =11.0.1 | |
Johnson Controls, Inc. All Metasys ADS/ADX/OAS Versions 10 and 11 |
Update all Metasys ADS/ADX/OAS 10 versions with patch 10.1.5.
Update all Metasys ADS/ADX/OAS 11 versions with patch 11.0.2.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-21935 is a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 that allows unverified password change.
CVE-2022-21935 impacts Johnson Controls Metasys Application and Data Server versions prior to 10.1.5 and 11.0.2, allowing unverified password change.
CVE-2022-21935 has a severity rating of 7.5 (high).
To fix CVE-2022-21935 in Metasys ADS/ADX/OAS 10.x versions, update to version 10.1.5 or later.
To fix CVE-2022-21935 in Metasys ADS/ADX/OAS 11.x versions, update to version 11.0.2 or later.